This Page Is Inserted by IFW Operations 
and is not a part of the Official Record 

BEST AVAILABLE IMAGES 



Defective images within this document are accurate representations of 
the original documents submitted by the applicant. 

Defects in the images may include (but are not limited to): 



BLACK BORDERS 

TEXT CUT OFF AT TOP, BOTTOM OR SIDES 
FADED TEXT 
ILLEGIBLE TEXT 
SKEWED/SLANTED IMAGES 
COLORED PHOTOS 

BLACK OR VERY BLACK AND WHITE DARK PHOTOS 
GRAY SCALE DOCUMENTS 



IMAGES ARE BEST AVAILABLE COPY. 



As rescanning documents will not correct images, 
please do not report the images to the 
Image Problem Mailbox. 



Searching PAJ 



Page 1 of 2 



PATENT ABSTRACTS OF JAPAN 



(1 1 )Publication number : 2000-020469 
(43)Date of publication of application : 21.01.2000 



{ 

(51)lnt.CI. 




G06F 15/00 
H04L 9/08 
H04L 9/32 




< 

(21)Application number : 


10-187925 


(71)Applicant : 


NEC CORP 


(22)Date of filing : 


02.07.1998 


(72) Inventor : 


FUJIWARA YOHEI 



(54) METHOD AND DEVISE FOR MANAGING PASSWORD 

(57)Abstract: 

PROBLEM TO BE SOLVED: To improve the security of 
NIS of a UNIX system and to reduce the burden imposed 
on a managing server. 

SOLUTION: Concerning the password managing 
method for managing a password for permitting the use 
of data in a network for a user, the method is provided 
with a managing client 200 for managing the user, a 
managing server 100 for managing the passwords of all 
the uses through the respective managing clients 200, 
and the user information data base for storing the 
password information of users to be used of the 
respective managing clients 200. When a user is to 
update the password, the user inputs the new password 
to the managing client 200, the managing client 200 
stores the former enciphered password and the new enciphered password in pair to the 
password change request file at fixed time and transfers both the enciphered passwords to 
the managing server 100, and the managing server 100 performs processing for changing the 
password of the user while referring to the said user information data base at fixed time. 
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* NOTICES * 

Japan Patent Office is not responsible for any 
damages caused by the use of this translation, 

1 .This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2 **** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 



CLAIMS 



[Claim(s)] 

[Claim 1] In the password management method which manages the password for permitting the data use 
in a user's network The management client which manages a user, and the management server which 
manages all users 1 password through said each management client, It has the User Information database 
which stores a user's password information used by said each management client. In case a user updates 
a password, a user enters a new password into said management client. Said management client stores 
the old encryption password and a new encryption password in the file for a password change wish on 
schedule at a pair. It is the password management method which transmits both the encryption password 
to said management server, and is characterized by said management server performing processing 
which changes a user's modification password, referring to said User Information database on schedule. 
[Claim 2] It is the password management method characterized by said each management client and said 
management server performing said password change processing by regular batch processing on 
schedule in a password management method according to claim 1. 

[Claim 3] In the password management method which manages the password for permitting the data use 
in a user's network In the step which makes a management client the step which sets up one server 
which performs password management, and other machines, and said each management client The step 
which performs processing which is not immediately reflected in a system when there is a password 
change demand by the user, The step which saves password change information per user ID to a 
password management directory, if it becomes on schedule — the management server from said each 
management client -- a password changing with the step to transmit The step which will process the 
password change wish transmitted from said each management client, and will check that the password 
change wish concerned is effective if said management server side also becomes on schedule, The step 
to which said management server transmits password update information to said each management 
client, the step which modification of a password will complete by processing the password update 
information transmitted from said management server in said each management client, and being 
reflected in said network if it becomes on schedule — since — the password management method 
characterized by becoming. 

[Claim 4] The new password information transmitted between said management clients and said 
management servers in a password management method according to claim 3 is a password management 
method characterized by not having been enciphered by the standard password function manager for OS, 
and enciphering using the common cryptographic key managed by said management server and said 
each management client. 

[Claim 5] In the password management equipment which manages the password for permitting the data 
use in a user's network The management client which manages a user, and the management server which 
manages all users' password through said management client, It has the User Information database 
which stores a user's password information used by said each management client. Said management 
client An input means by which said user enters a new password into said management client, A file 
memory means to store the old encryption password and a new encryption password in the file for a 
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password change wish on schedule at a pair, It has a transfer means to transmit said both encryption 
password to said management server. Said management server A password change processing means to 
perform processing changed into said new password of said user, referring to said User Information 
database on schedule, Password management equipment characterized by having a transfer means to 
transmit the password information of the result depended on said password change processing means to 
said management client using said both encryption password and a common encryption means. 
[Claim 6] It is password management equipment which makes only for managements the encryption 
new password which said management client enciphered the old password and the new password 
entered with said input means in password management equipment according to claim 5, respectively, 
saved, and enciphered the new password, and is characterized by to transmit to said management server 
by carrying out the encryption old password which enciphered the old password to management. 



[Translation done.] 
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DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] In a UNIX system, without using NIS (Network Information Service) generally 
used, this invention aims at improvement in security, and relates to the password management method 
and password management equipment which perform password management which is used in case two 
or more machines are operated, and which was put in block. 
[0002] 

[Description of the Prior Art] Conventionally, it is indicated by JP,60- 164859, A as a password 
management method. This official report is related with the password management method of a 
distributed-processing computer system. As opposed to what had had and managed the password 
database according to the individual per conventional computer A local password database is installed in 
the local computer by which distributed installation was carried out. Share a local computer and to the 
host computer which carries out a centralized control The host password database which includes all 
local password databases is installed. It is characterized by registering a password into a host password 
database and the appointed local password database, respectively, and carrying out common 
management from the terminal of arbitration connected to this system. In this way, the troublesomeness 
of the migration procedure of the user by having managed separately for each [ which was distributed 
conventionally ] computer of every could be removed, prevention of an unauthorized use of a password 
could be coped with quickly, and a password registration function manager with big size did not need to 
be provided for every local, either, and has done so the effectiveness of enabling simplification of the 
function of a local computer, and mitigation of a load. 

[0003] Moreover, the "network user authentication approach" is indicated by JP,8-335207,A, and it is in 
it. The system chart indicated by this official report is shown and explained to drawing 8 . As shown in 
drawing 8 , there are some which access each network mutually through a gateway computer. In order to 
use the resource of such an integrated network, a user needs to prove the justification of his identity to 
the server which has a user authentication function in each connected network. A log in, a call, and a 
user offer a password for this actuation to a server, and its identity is proved. 
[0004] In drawing 8 , in case a user logs in to a network 1 from the computers 15-16 for users of a 
network 9, he will mind a gateway computer 1 1 . The security method in such two or more hierarchies' 
network is a method which judges the existence of the access privilege to other nodes with transmitting 
the password to each node which the user inputted to the gateway computer 1 1 of a node used as a direct 
access place, and a node checking a password. 

[0005] The communication media 2 which a network 1 connects each element in a network 1 physically 
and logically, and turn into a medium of various data transfer, The management computer 3 which 
performs specially authentication processing of each element and a user which constitutes a network 1, 
The database 4 for managing the information (ID, password, etc.) about each element and user of a 
network 1, The authentication courtesy counter 5 which gives a cryptographic key and a log in 
certificate to a requiring agency according to the demand from each network element and a network 
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user, With the data base manager 6 which performs read-out and the writing of data from a database 4 
The server 7 which offers various services according to the demand from a client 8, the client 8 which 
communicates with a management computer 3 or a server 7 according to the demand which provides the 
user of a network 1 with a command interface or an application program, and is emitted by the user 
through them - since — it is constituted. 

[0006] Moreover, the network 9 managed independently [ a network 1 ] The communication media 10 
which connect physically between each element in nine in a network, and logically, and turn into a 
medium of various data transfer, The gateway computer 1 1 with the role which is connected to 
communication media 2 and 10, transmits the command from the computers 15-16 between users to a 
network 1, and answers the computer for users in a result, The authentication processing section 12 
which transmits an authentication demand to a management computer 3, and performs log in processing 
to a network 1, The password managed table 13 which manages a gateway computer 1 1 and the 
information (ID, password, etc.) about the user of a network 9, the server 14 which offers various 
services, the computers 15 and 16 for users which communicate according to a demand of the user of a 
network 9, and the authentication demand section 17 which enters a user's ED and password — since — it 
is constituted. 

[0007] Then, if an authentication demand and user ID are transmitted to a management computer 13 
from the user computer 15 in the case of a log in, a management computer 13 will be returned to the 
client for which a user uses the log in certificate enciphered with a user's password, and a cryptographic 
key. A client 8 decrypts a log in certificate and a cryptographic key with the password which the user 
entered. In this way, authentication is made possible in a network 1, without a password flowing. 
Moreover, the user in a network 1 makes authentication possible, without pouring a password to a 
network 9 similarly, and supposes that unjust acquisition of the password in a gateway computer can be 
eliminated. 

[0008] Moreover, on the other hand, in the UNIX system equipped with a network function as standard, 
in case user management of two or more machines is performed to a package with NFS (Network File 
System) of a distributed file system, the so-called NIS (Network Information Service) of an identifier 
server is used frequently. The centralized control of the identifier of each user on a management server 
and a password can be performed without troubling the effort of a network administrator making 
modification of a system reflect for each machine of every by using NIS. 

[0009] NIS consists of on a client server model. An NIS server is a host with the NIS data file called a 

map, and an NIS client is a host who demands such map information. 

[0010] 

[Problem(s) to be Solved by the Invention] However, there are the following troubles in NIS. 
[001 1] Since others 1 password is easily decipherable to it once password information is flying about to 
the 1st continuously and receives a network top to it like [ when changing the time of logging in, and a 
password ], I hear that a problem is in security and it is in it. 

[0012] Moreover, since it says at a server an inquiry whenever a client has [ 2nd ] a demand, or a map is 
transmitted to a slave at any time from a server, I hear that a load is applied to a network and a 
management server, and it is in them. According to the official report explained in the above-mentioned 
conventional example, this 2nd trouble is not solved. 

[0013] This invention makes it a technical problem to mitigate the burden of a management server while 

improving the security of NIS of the above-mentioned UNIX system. 

[0014] 

[Means for Solving the Problem] In the password management method which manages a password for 
this invention to permit the data use in a user's network The management client which manages a user, 
and the management server which manages all users* password through said each management client, It 
has the User Information database which stores a user's password information used by said each 
management client. In case a user updates a password, a user enters a new password into said 
management client. Said management client stores the old encryption password and a new encryption 
password in the file for a password change wish on schedule at a pair. It is characterized by performing 
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processing which changes a user's modification password, transmitting both the encryption password to 
said management server, and said management server referring to said User Information database on 
schedule. 

[0015] Moreover, this invention is set to the password management method which manages the 
password for permitting the data use in a user's network. In the step which makes a management client 
the step which sets up one server which performs password management, and other machines, and said 
each management client The step which performs processing which is not immediately reflected in a 
system when there is a password change demand by the user, The step which saves password change 
information per user ID to a password management directory, if it becomes on schedule — the 
management server from said each management client — a password — changing with the step to 
transmit The step which will process the password change wish transmitted from said each management 
client, and will check that the password change wish concerned is effective if said management server 
side also becomes on schedule, The step to which said management server transmits password update 
information to said each management client, the step which modification of a password will complete by 
processing the password update information transmitted from said management server in said each 
management client, and being reflected in said network if it becomes on schedule - since -- it is 
characterized by becoming. 

[0016] Furthermore, this invention is set to the password management equipment which manages the 
password for permitting the data use in a user's network. The management client which manages a user, 
and the management server which manages all users 1 password through said each management client, 
An input means by which have the User Information database which stores a user's password 
information used by said each management client, and a user enters a new password into said 
management client, A file memory means by which said management client stores the old encryption 
password and a new encryption password in the file for a password change wish on schedule at a pair, 
They are characterized by having a password change processing means to perform processing which 
changes a user's modification password, a transfer means to transmit said both encryption password to 
said management server, and said management server referring to said User Information database, on 
schedule. 
[0017] 

[Embodiment of the Invention] The operation gestalt by this invention is explained to a detail, referring 
to a drawing. 

[0018] [The 1st operation gestalt] 

(Configuration of this operation gestalt) In drawing 1 , it becomes the management client 200 of WS 
(Workstation) which has adopted UNIX, and the management server 100 as an operating system that 
this method is applicable. With [ the number of the management client 200 ] one [ or more ], especially 
the limit is not prepared although the management server 100 consists of one set. 
[0019] The password change processing 120 by the regular batch which performs the password change 
wish which the User Information database DB 1 10 has been arranged and had a demand in the 
management server 100 from each user, The regular batch password update information creation 
processing 130 which writes a user's information registered into that day in which total for every client, 
keep total data to a file for every client, and the file is deleted with the notice of the completion of 
updating, The notice of the completion of updating is checked from each client, and each processing of 
the notice check processing 140 of regular batch update completion in which the update information 
from a client with a notice is deleted is made. Moreover, when you have transfer failure and no notice, 
updating or compulsive reflection 150 by the operations manager is again processed on the next day at 
the time of updating. 

[0020] Moreover, when the password change command 210 which saves the password to change for 
every user to the directory for modification information registration is emitted by each management 
client 200, the password change wish transfer 220 which transmits the modification information on a 
password to a management server in a regular batch is performed, User Information which has 
transmitted in a regular batch follows, and it is password. The renewal 230 of a password carry out the 
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modification processing of shadow is performed, and the notice transfer 240 of the completion of 
updating is performed to a management server. 

[0021] Since the management server and management client by this operation gestalt performed 
updating and management processing of a password, an expression called a management server and a 
management client was especially used for them, but even if it is a general server and a client, since they 
can attain the configuration, and actuation and an operation of this operation gestalt, they do not adhere 
to the name. 

[0022] (Actuation of this operation gestalt) Next, actuation of this whole operation gestalt is explained 
to a detail with reference to drawing 2 . By the UNIX system, when a password is generated in a 
transmission line, since it is a phase and a time of changing a password, the actuation at the time of a 
password change is explained at the beginning which registers self identifier and password when 
wishing entry to a system. 

[0023] First, in each management client 200, a user executes the password change command 210 
prepared for these methods. The password enciphered from the password entry of each management 
client (trypt) is extracted (211). The password before the user itself changing into the next is entered 
(212). Compare this enciphered password with the entered password (213), and a user check will be 
ended if in agreement. Enter a new password twice for a check (214), and the file for a password change 
wish is created. The new password enciphered as the enciphered old password is saved (215), a new 
password is enciphered, it carries out only to managements, the entered old password is enciphered, and 
it transmits to (216) and the management server 100 as an object for management. 
[0024] The file for a password change wish is created for every user ID by executing this command. The 
new password and the old password which were enciphered by the exclusive cryptographic key are 
saved at this file. If this file becomes on schedule every day, it will be transmitted to a management 
server (management client password change command 210 of drawing 2 ). 

[0025] Next, by the management server 100, as shown in drawing 2 , if it becomes on schedule every 
day, password change processing will be performed (120). The new password which read each 
transmitted file for a password change wish, and was enciphered as the enciphered old password is read 
(121), the password of User Information DB1 10 is compared with the sent old password (122), and if 
equal, a new password (what was enciphered by the exclusive cryptographic key) is registered and (123) 
stored in User Information DB1 10 (password change processing 120 of the management server of 
drawing 2 ). 

[0026] Next, in the management server 100, if it becomes on schedule every day, as user update 
information creation processing 130, a password change will be read from User Information DB1 10 
(161), and the updated list list which bundled up the password with which it was enciphered only for 
[ on User Information DB1 10 ] managements will be written in the file for a transfer (162). It is 
transmitted to each management client 200 which corresponds this user update information (163). 
[0027] When it becomes on schedule every day, the transmitted user update information file is read and 
compound-ized (231), and the password registered on User Information DB1 10 is made to reflect in a 
system by each management client 200 finally (management client User Information update process 230 
of drawing 2 ). 

[0028] Next, each processing is explained concretely. 

[0029] With reference to drawing 4 , the password change command 210 prepared for each management 
client 200 is explained first. If this command is executed, the input of a current password will be 
required (211) and a current password will be entered (212). If the entered password and the password 
registered into /etc/shadow are equal (213), the input of a new password will be required twice 
(214,214'). If a new password is the same twice [ both ] (215), the old password and a new password 
will be written in a password change wish file (217), and a password will be enciphered by the 
cryptographic key only for managements (218). The enciphered password is transmitted to a 
management server, on the other hand - step 213,215 - it is - etc. - it spreads - twisting — a case -- 
steps 21 A and 2 IB — password coincidence - not carrying out — ****** — warning [ like ] is emitted 
and it ends. 
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[0030] Next, with reference to drawing 5 , the password change wish transfer processing 220 is 
explained. If it becomes on schedule every day, the password change wish file for every user under a 
password management directory will be searched with each management client 200 (221), and a 
password change file will be altogether transmitted to the management server 100 using the rep 
command (222). It judges whether it succeeded in the transfer (223), and the password change wish file 
on each management client is deleted after checking a transfer success (224). When a transfer goes 
wrong at step 223, processing again transmitted at the time of next starting is performed. 
[0031] Next, with reference to drawing 3 , the password change processing 120 on the management 
server 100 is explained. In the management server 100, if it becomes on schedule every day, the 
password change wish file 220 transmitted from each management client will be processed. First, the list 
of files in a password management directory is created, and it processes it one [ at a time ] (121). Next, 
the old password and a new password are read from the password information file 111 (122). Next, the 
password on User Information DB1 10 is read (123). About each file, if the password on User 
Information DB1 10 and the old password on a file are equal (124), a new password is made to reflect on 
User Information DB1 10, and is stored (125). (status: password change) Otherwise, the electronic mail 
of the purport which is an abnormal condition is transmitted to a user with a request, and addressing to a 
management server operator (128), and status on the user D information B is changed into "password 
update failed" (129). The transmitted file is deleted after these processings are completed (126). The 
above-mentioned processing is repeated for every user (127). 

[0032] Next, with reference to drawing 6 , the user update information creation processing 130 on the 
management server 100 is explained. If it becomes on schedule in the management server 100 every 
day, all users 1 update information will be checked on User Information DB1 10 (131). Search a list with 
renewal of a password and it judges whether the flag of the updated purport is ON (132). every 
corresponding registration place - a use situation - checking (133) - status of a use situation -- a 
password change — or it judging whether it is one of the password update failed (134), and, if it is a 
password change It creates in the form where a user update information file is Append(ed) as a transfer 
file of the corresponding registration place (135). This is processed for every registration place, if all 
registration places are checked (137) and it ends, an update flag will be cleared (138), and it judges 
whether all users 1 check was ended (139), and ends. 

[0033] Finally, with reference to drawing 7 , the renewal 230 of User Information on the management 
client 200 is explained. In each management client 200, if it becomes on schedule every day, it will start 
as a regular batch and the information transmitted from the management server 100 once [ 1 ] per day 
will be processed. The management client 200 searches the transmitted User Information update file 
(234), processes it sequentially according to the contents of the user update information file, and is read 
from the pointer of a file by one line (235). Next, a setup of a management client is changed into the 
password shown from the management server 100 (236). The additional writing of the updating result is 
carried out at the notice file of updating (237). Next it confirms whether reading was ended to the last of 
a user update information file (238), and the notice file of updating is transmitted to a management 
server (239). In this way, if modification of a password is checked, it will be written in the notice file of 
updating, and the notice file of updating will be transmitted to a management server after completing all 
processings (239). 

[0034] In drawing 1 , as mentioned above, in order that the management client 200 may update a 
password on schedule, it performs modification processing of a password according to transmitted User 
Information (230), and transmits the file which described having carried out the completion of updating 
of this result for the notice transmission of the completion of updating to the management server 100 as 
regular batch processing, (240). In a management server, the notice of the completion of updating is 
checked from each management client 200 as notice check processing of the completion of updating of 
regular batch processing. Then, the update information from a management client with a notice is 
deleted. In this way, a series of batch processing is ended (140). Here, when a transfer goes wrong, in 
the management server 100, regular batch processing is made at the next day, for example, re-transfer 
directions are carried out at a management client at the compulsive target by ** or the operations 
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manager, and the completion processing of updating is performed (150). 
[0035] 

[Effect of the Invention] Since according to this invention password information was enciphered and it 
has transmitted on a network using the cryptographic key of the dedication which shared between a 
management server and each management client, and has been managed, it is in being easily 
undecipherable even if the password information file under transfer includes others 1 hand. Consequently, 
the security of a system improves. 

[0036] Moreover, since a centralized control is carried out on a management server, the package 
management of the management client which are two or more UNIX machines can be carried out. 
Consequently, the effort in a system management mitigates. 

[0037] Furthermore, since on time ** does not have the information transfer between a management 
server and each management client and it is performed every day using a regular batch, the traffic which 
flows a network top can be mitigated and the load of a management server and each management client 
can be mitigated. Consequently, the load to a network mitigates. 



[Translation done.] 
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msl&'mfy J 7y blz&^x. a— f t J: o >uv 

- KSgHSfcP&ofci: # isXy-Mz-f <wmLt£\^k 

A'X7-^f -f 1^7 h U fca— f I Dft&ttV 

- Y$zwmzm--t zxt vrb , 

AX7- F<0£MIBV VOTES!? l>7.-r -y 7" b . 
Fa>4>*ES$*Vt I^U7- KSKHWM&aLT S 

^/■u y- k^hhv wrnith h^b zmz-th Xt 

mmmv-'wmz&m?y4 7>biztttx^x 

v-vjmmmimmtzxT-yTb. 

miz%i kflriBSfs? 5 7 > FT<iflna««-9-- 

F 7- ? \z$mh Zbiz£<0>*X7- F<?>£H#£7 
-f&XT-vTb. fr^&ZbZmibt&^XV-V 

imm4 ] mmsiztmwxv- KWMfefc: 



ie#<g3i ?y47yb vm uo * * imovg^m - 
zm^xtsmtitii><?>'?f>hzb&mib?&*x'7 

ff^?££^?)AX'7- F£«g-$-|>A*X7- FfHIg 

3--w§mt& t m?y47ybb. mi*m-?y4 

TV F £il CX£a~ f «/«7- F £<fg? StS? 
XV- Ftf ff^ttHW-Sa—fff Wr-?^-Xb Srfil 

mum? yA 7y v \z\-h-?h\-h%-vkb , 

-Ft KM fl^U7 - F Sr«t1SJfrf S 7 t W ;HB 

wEPPftfly^?- Yzmmmv-'tiizimtm 
mmb. mi. 

mvmv-'Vi. femzmi3--?m$T-?<-x 
z&mi^mi3--*f<?>m&§i'-<x i 7- Yizmttz 
nm&ft o^xv- FS3S®i#afc » 
ffiSA-x v- FSQg»a*at i 5i^u7- Ftt 
mmmmitrtxy- vb#mmw&&im» 
xmi^?y4 7yhizffi£tz>ffi*^mb. &mt 

tzZ b Zmmb-fZ'^xy- FfSgE. 

mime 1 mm. 5 iztmwxv- vmmwiz 
a^x. 

mvm?y47yv\t. miAtt&x-AJi itzm^ 

X7-YbW*X7- YbZ*ti?tmWk.LX$& 
U m^xv- Y SrHf^L^m-t-fbgrA-xv- F SrW 

m&mbt. iBAX7-F*m^-fbUfcm^W'«x7 
mibth^xv- Ywmw. 

[000 1] 

[»«*>IW-4atlHHff] *^y1<i. UN I XyXfA 
fcfcWC, -«fcjflJffl$nTV>2,N I S (Net*»rk Info 
nnation Service) -t^ j. Ut-C <0|n3± 

7- F'gs s-tT a /U7- Y'smfrmRW U7- Ft 

[00023 

H36 0-1 648 5 9^4MRfcJB*S*lTV»*. *^fB 
tt. ^l«?iaaye J .-^x7.xA«oy^7-F^I^ 
^tcBH L , (£#co=i > e*-^*ffl-Cffl»Uc F 
7-?<-xmiX'miX^t:i><r){zttL. MSB. 
WZIxtzu-ljfrziyVi.-ti.z'a-tiWxv-YT 
-9<-x*W>m.L. o-^nyejL-^J-^L. 
fk^'mth-frxYnycz.—ri.z. itxoti-tiw 
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9<-x£m.l. K^xf^KSKSiiSffiK*)** 
X *)^xv~ V £ *x h^x 7- Kr- W 
izmfenv-ti^xv-F^-fK-xizZtiZtig: 
»U £>I»ri>£t£#&t LO*. £3 I/O 

z%rtxy-v%mmw&i>. u-tiiwzmth 
mnm^mt -t h t 03 ®&zm lx ^* . 

[ 0 0 0 3 ] ttHFF8 - 3 3 5 2 0 7#&f8fc 
r* 7 h7-;a- «fBIEfiftfcj sWHSSfu*. 18 

8t^-fJ:plc, ^'-r-yx^yt^-^^LOg- 

^vyy-iz&mzTt-tx-rhbWbh. co«t 

i#8B£$*i££*-y h7-?4><0x-iff2SHgt££:rf 

[0004] H8ti>v*0 X--1r"«;*-»/ r-7-?90 
jl— 5-1 6*>£>*-y r-7-? 1^ 

o^^SRIfc:. 1-7x4 nyti-; 1 1 £<ft 

F^ovtty-Kfc. it&^7?HrX5fct : 5:.2>/-F<7) 
7- H -y Z b X'mr>J~ YW>T9*iXm 

[00 0 5] *v H7-*ltt. 
&£jlfl&ft2 t , *«y r-7-7 1 S-fifJfcf S&S** 

a— r aBBffiasvn&rr a tan y tr 3 t . 
*<y \-v-9 lo&mm^-wzm-ritim (id, 

/U7-Hf) Sr < g=B|-ri)^:ft<7)T-^"<.-^4 b , * 

t. T-*<-X4a^T-^SgAa^§#S*£ 
ffdr-^-xlssset, ^7-fryh8*><c.co^ 

£KjStT&«^-t'X£lgttri>lJ--A'7t. *-yh 
V-9 lflx-ffea^K-f y^-7i-X^>77'J 
^-^ 3 yro/7A£ilttL*ft££ffll/tx-ir> 

[00 06] *-y ttt&itUISft 
6*-y r-7-;/-9kL ^ yhV-^rt9rt<0#®SSc7) 

wm ■ nmmz&mL&UT-?$m<7)®ftb%m 

tmfo 1 0 1 . MtmW 2 b 1 0 «8£$*lx— ^3 



yta-? 1 5~1 6 #>f><D3-7yK£*y r-v-? 1 

izmmitii$:Z3--vm3>zj.-?izmm?hmte 

toy-h^x-f nyb-jL-^i it, Haye*- 
9 3 fcf21iE®J<£i*<I LT * -/ h V-9 1 **o>uy4 > 
*U!£fT3BaBBa»l2t. y'-bWnyta- 
* 1 l&tf*-y h7-?9m- ft:8Bt6flB8 ( I 

1 3 b . =g-S^-t'^SrJ|tt-ri»-9--A' 1 4 1 . ^-y h 
1 6t, x— fWI D^nxV-Y^X 

[0 0 07] to IX. n?-<><7)^ i-if3ytr A 
1 5*»Mf33 Vtfa.-* 1 3W8IK*kJL-if 

I DfciMft-t&t, fiayta-^ l 3Jix~f<7yN- 
*7- KOW:U:n;7V yUBBStm^gl^x-if 
tfmt&9 ?4 7> hizm?. 9747>Y&\t3-- 

SrS^ttl.. iaU. *»h7-^ 1 (Ctt/tX»7- 
hWiirfKlgfiESr^t-fS. ifc, 7-71 

§-f KSIE£«rfigt U y-h7x-f aytjL-^tfc 
(t§yN-X7-Kc7)7FjEA#&^-C'#l.t I/O*. 

[0008] *-yh7-^affiE*aePTflii 

SUN I xyx-rAtfc^-O ^liyr-f^yXxAcT) 
NFS (Network File System) fc&t. ISV^yW 

S (Network Information Service) tf&SfcWSfcfflSft. 
TV*. N I SSr^ffl-rS^tCiiO. *7h7-;f 

sttiffl^ wvy ymzi/XT^coggi; t 

— f<^l>ri:AX7-Ki:<om4"^* { ffxl>. . 
[ 0 0 0 9 ] N I Sli9 H TV V • t-^ff/Ht 
SlSSnS. NIS-9--At{i H V-yrtBflfill.NI 
St-97t4 frZft-OXXhCOZbX'. NIS974 

ryhtJi. ^it^-7-y7 , m$g^S^fi.^hwc: 

tT'ftl.. 
[0010] 

immmixob-rzmm ifrt. Niscii, 

[001 umit. 0^>f yrS^-<X7-r-*S:^ 
jg-TSt^J:^ ^7-HflMB*«*yh7-^± 

X7- H 5r^tJgg?aj*l»OT\ -b^f a 'J r KIS]S 
*^l.t^P^tT-J>S„ 

[0012] 4^:. m2tc. ^^>fTyh*^Oj>& 
miZV- 'VzfflK^fritlz^tz 0, t-A'i>Wl'- 
ytV-y7**W!iE)M$iXl»iOT\ *-y r-7-:5\ ^ 
•9--A{c^*^**tV^^tT$)5. ±a<^!*ff9 
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[0013] *&mi. ±IfiU N I Xi^X-f i^N I S 
[00 14] 

*mth^v- vmrn^za^x . j.~v&emt 

^(ca-X7- F*0Mt>JB7 r4 A^IBflWfls/'W^- 
7-F£Ma^3-tf--A'fc|g3*U WEWWw-Cttjg 
£gA'X7- H fcSQW" 4«l*fr o Z b *mib t 

[0015] ttl % f <D*«y hV—Tfi 

X7- h'fJI^fcfcvv^ 

ryhfc-t&x^-yrk. ffirie^is^^-fryhtfc 

XxAt-rc^fSrOiraSrffaxx'yT-t, AX7 
- F^St 4\s9YV £Jt-— f I DJjift(;:A-X7- F£ 
Hfif*8£&#-tl>XT-yTi:. J0Sfc*4i:UEtrtPi 

? 54 ry h^wnf-xicm?- Fa&SBDtf 

mi&m?v4 tv vfrt>mk%ixx i^uv- f 
$km»*»i uts»<x v- YTggm^mmx-b 
zztz&mi-zxT-yyt. m&*m#--'wmB& 

<m? vATVY ttfl/CW7- FJBWMIMBii* 
*>X-f <y7-fc. ««fcfc*i:1MMHfll??47>'F'C' 

[0016] jg^s *#3!tt, h?-9ft 

-fry hi:. iwte=s^a^9-f ryhSriitT^— r 
f ^ta-ri.'ta-tf- . ms&sm? 5 

4 T> htflffitU-fW«7- FflM&fiM?* 
a— ffSfSr-^<-xi:i£:<ii. a.— fttffstx?- 
F mm®? vATVY izXtthXttWcb , 

fa? 54 rvm^uv- F^jgis^ffl? r 4 
tg#rtS7r4;HE^&i:. *EiW#fc>W7-F 



— f (T^gyN-xv- F *S3S-tS»aSrtf "5 AX7- F 
[00 17] 

[00 18] [SlOggftiBn] 

JBI/CW&WS (Workstation) <rm®9v-<T>Y 2 
0 0 , flt-A' 1 0 0 b %h . ffiK^-K 1 0 Ote 

-fcfr&HWcSft***. tsi7547yr-2ootf>&3& 

[0019] 0 OKIi, jl— ftiffgr-* 

v- Fgggayi i 2 o . iatgns^jL-ifcoffi 

T*<07 r 4 /W£H'JBH-*>5£ii#A'.y^Ax7- FMSrtil 

«fWHSi 13 0k. 54 ry h»t>WM@n , msn 

BBSfetije^vf-K^TiWaMEWll 4 0<7)#M 

iew«cifwa»x»43wmpa#ft: «t s^^rb* i 5 o 
commotio. 

[0020] «-i«?74ryh2oowi. ^ 
Jttl^xv- H S-59Sfl|«a«fflT 9 YV lz&3- 
— ffttft#-rSA-xy-H3gH3vyH2 l 0*« 

-A|cejS^4ycx7-HSaBBV«ai2 2 0^ 
ft, 53$; ^ -x ^-TIBi* LT £ ^i-if IPgfcltS o T pass 
word shadow(?)^gS!!ia$:-f h>*XV- HSfr2 3 0j&»' 
Hfi=§*t. IS^TaMS2 4 0aW-9--A'£*fL 

ri^T§tt&. 

[002 1] *|^®tc«J: *WWwi**J!? 54 
[0022] ) m 2 

•c, &mBma^<omtz^xma£.mwt&. 

UN I X^^Xf-A"C(±. a-xv-ha%jS54 

vxxA^<o#A^#a-r5t$<7)ee 

i&^-rs k ^ T*i» COT. AX7- H^|gl${Ct>(t«. 
[002 3] # < Sl?54Tyh2 0 0tt>^ 
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vyh'2 l o^Uff-rs. #fl?7-f7yhwtt7 
-Fxyh»J*^B|r^-fb (trypt) Sflfc^X V- h'Sr 

aaj-ti. (2ii)„ ort. a— r g#*^sew<o^ 

X7-K£A?>t£ (212). £*»#(fc3iifc^x 
7-KfcAAUyW7-Ki:*JtifcL (2 13) , - 
SttrtJii»/JL-in«B*»7UT. 8tUv<x7-K 
£BB*>fc*>20A;&U (214), A'X7-H330i 

fcl,fcif>W7-Ki:fc«*#L (2 15). «AX7- 
KMHHfcl/CWHWIil: L . A7J LfclB>«7- Hft 
H&^HLLTWSfc LT (216) . WWwCl 0 0 

[0024] c«3'7yFtWff-4ii:fcj:0' , W7 

y4TyV ■ rW7—Y1ERa'?VY2 10). 
[0025] H2 J: 3 fc % WSV-rt 1 0 
OTIittBSfirK'Srifc. >**7-l«3SaBl£3Sfrr 
5(120). «as'iiT*fc*'«7-KSSaiv^ 

ftSit^AX7-Ffc£lW&* (12 1) . A— f 
ffiSDB 1 1 0WW*7-Kfc»MlT*fclB>tX7- 
FfcJfcRL (12 2). 5U*fctt*r><*7-K (#B 
■f^ft*-'Ot9fl:S*utt<0) Sri— fffifUDB 1 1 
OKSUfcLT (12 3). tefrfS (02<7)«a^WN' 

h'^HMS 12 0). 
[0026] flt-^ 1 0 0-C'(ittS^t=5r 

1. 1 s ^.-ifSffiPS^jSMs 1 3 o t ix . a— m 

fgDB 1 1 0^&m7-h'SO6£«*3i* ( 1 6 
1 ) . i-iffffSDB 1 1 0±*>*S*JB*>«t#ftS;h. 
fc^x7-K£-fiL£jgiff$ix*:'Jx h-Sg£6i*ffl 
7r4 MzWZ&ti (16 2). •flSBrffifBS: 
m%-f$>&m?7J T> h 2 0 0 A4BSS*i4 ( 1 6 
3) . 

[0027] mk\,z, &m?74Tyh2oox'im 

H>$m*&*; m^itLX (231). i-HflWRDB 
(S2<D«a^5-f7yhi-'fffifB5Egr3!!ia2 

30) . 

[ 0 0 2 8 ] fclc . 4^fcoi vCJtfMWcKW*-* . 
[00 2 9] 4-fH4*«HLr. ^S^rMTyh 
2 0 0fcrfflS1-|»'N*X7-H^H3-7yH2 l Otou 

-HOA^^S*^^ (211). 3g£W?X7-F£ 
A3rf 6 (212). A7JLfc;N'X7- Kt/etc/shado 
wfc^£ftTV^AX7-Ka^U*fl{f ( 2 1 



3) . ffLWN-X7-h'c0A73* 5 2[5]^§^l) (2 1 
4 , 2 14' ) . £rUvCX7- H* t 2IHftlcH tT* 
fttf ( 2 1 5 ) . ^X^7-Y^S.m^yrAMZ\Enx 
y-vttt^xy-vtfWZ&tti (217). /U7 
-FtefcSSfflBf^Hfc*- TiFNtt* ( 2 1 8 ) . Bf 

7f. Xf772 13,21 5T^L<*V^8£fctt. X 
f-y7*21A, 21BT\ 'W7-FStirfbmi 

[003 0] 05£#i*LT. 
V^KSHlQa2 2 0(COV^KW6. »BJ£«ffc$r4 

t . s-f^?^ ry h 2 o OT-ii^N'xv- hi^t < 

fr&mi I ( 2 2 1 ) . >U7- h'^H7 r 4 /P££T 
rcprivy HSrfflV^T'fBi-^WN'l 0 OiZ^kth ( 2 
2 2). R2Sfc«S!itfc*?S6»*Wlf L (223) . Is 

#fi?5^fryMwu7-« 

jgf^7T-f/^f«rr5 (2 24) . Xf772 2 3 
[003 1 ] iKK. 03£#5SL-C. Wltf-Al 0 0 

±w<x7-KS3e«!ai 2 0(cov»raw*. * 
Tyhfrhqmztixztz'ix 1 ?- K^s^v ^r^f/i' 

2 2 0SrMa-T5. 4-f. vW-Kfif^Wb 1 ; 
CM7T^;WJAh^ML. — D-foaPM-S 
(12 1). /tx*7-MWl7r-f JH 11* J 

^IH^X7-Kfc$r^X7-Kfc£^2 ! 0 ( 1 2 
2 ) . XfCA— fflf^DB 1 1 01^X7- 
fitf ( 1 2 3 ) . #7 WA-fcOUT. ffiffgDB 
1 1 0±<9yN-X7-Kfc7r4/P±<9|B^X7-K#?£ 
Utfltf (124). *r<KX7- JL— fffifgDB 1 
1 OifcRllfcS-tT (status: AX7-K3S5g) HJfrf 

5(125). -edT-^(mtf«!a<o*>^^j--'rt'i 

SriML (128) . JL— fDtSf8B±Ostatus 
£ rytx7-K5eKjfe*j tSSSi"* (129) . ^ 

^5 (12 6). «-JL-r»K:JJ2«SSr»>))g-f 
(127). 

[0032] mzme zmttx . tit-A- 1 o o± 
x'^-^f^Mmm^mm 1 3 otrov^awt*. 
^sif-A* 1 0 0 x\*mB%&iiz%& t . ifffifSD 

B 1 1 0±T'^-ifOiegffPfi^f-x 7 ^ L (13 

1 ) . ^X7-KH^9*-^'JXh£&&U WML 

tz^nyyytfONX'bhfrt'ofrZWSiL ( 1 3 

2 ) . KS^*SMMH«=WJBR8l*f"x y 9 1 ( 1 3 

3) . f(lffl4JKJi<0status^N-X7-h*3SI* l X(i^*X7 
-HIIfTifelJc^ifit* 1 T'*l»*»S:¥il[flft ( 1 34) . v\- 
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h ( i 3 5 ) . zm^mtrnzmmt. $%tmt*i- 

x-y?L (137). mTWm$7?7Z?VT- 
L ( 1 38) . £i-1f^?-xv7£&7L£«>£«r 
L ( 1 39) . &7-f£. 

h 2 0 0±"C^— ffSfgHff 2 3 OfcOV^giBg-f- 
%fi^-y1-tlxm)L. lSlEH^-AlOOfr 

L (234) . i-^f|g«fffll87r-f ^^Cfot 
WI^aL-CV^. 7W/l^;K4y?*>MlT» z * 

atr ( 2 3 5 ) . ort. wf-m o o*^ig^$ 

(236). £Rtim»!SRaflI7 r 4 

(237) . ort, o-~- j f%m , mvT4)v<r> 

M^ti^JiKTLti^fx -y ? L (23 
8) . IO^7T4*£*S-0w<lCiB©*-* (23 

tr^7r4jWifl^-Afc:|Ba3;fii (239) . 
[00 34]iaU>;J:k, HfcfcWC, 

■iryh2Q0\t^ •mrt-v^m.t tx. 

oT^XV-FOSOSSlfcfi^ (230). .TOMS 
tz?T4 ^Jflfwi 1 0 0 izmkth (240). 
SfcLT, «ra^5-fT>h2 0 0*»4>»^7jia 

*rrti> (140) . iif. iBSfcdfeKLfcfc&fc: 
?4 r y hmmmm^ Lxm^Timtrnfftz 

(150) . 
[0035] 

w??4T>h x-m ltws lx KtxmcMW? 



[ 0 0 3 6 ] ifz. t g®*-'*}iX1k* i m?&t:ib. 

wm<Du n i x-?i/>x'hh<m7y4 t> y 

[0037] < m?-^t&m7y4T>b 
•yf-£ffl^Tfinbft£*:y>. F7-7±£8Sfi6 h 

[0B5Offi#&iBBH] 

tan xffiiombmmizx s a* 7- k^m^ 

$f^0-CJ>l>. 

[02 ] *SMHtf)ig»Bttfc:Jt H«a<7)Sth. 
0-Cfc&. 

[03] *^<7)HJfemtcJ:l»^|-t-A'WN 0 X7- 
FS3B8yi*>7n-?-ir- bT* 5 . 
[04 ] *»BH*>S8H0Em:±**S75-f 7y f<7)n 
7. 7 - H rj -7 y >' ^Mcr, y a -f-* - h X' h h „ 

[05] xmvmiMmmizx&'mtyj ryhw 

[06] *!&l»9£iti&B£ J; 5 ^g-^-y N'<7)i-if5g 

[07] *^oHSIMcJ:S«a^5'f T^Ftta 

— f%$rt8mwm<7)y o-f-v- h-e£>£ . 

[08 ] fi!#<7>* y h 7-7l2iE^t X h ^7,-rAjS 
B&0T$>S. 

100 wa-t-/-? 

1 1 0 J--iftPSr-^"<--7. 
120 ^«rA*.yf-/^7-Kgse®l 
130 S^f/N'-yf-y^V-H^S 
140 J^A v f-S«£TS|j8i»BflSl 

200 fa^^-fryh 

2 10 ^XV-Y^a^yh' 

2 2 0 ^A*.y ^n-X7- h'ISE«V««M 
230 ](Mrty*-'tt7-KJGKAMI 
24 0 jgfr^Tiitt5H2 
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[ian 



o 
2> 



O 
fO" 



J 



o 

OJ 



X 




>0g 
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[02] 



130j 



100 



200 



gffi-tJ— /t 




A — <f 1»«DB±0>«*Mt C« SW ffl) 



230, 



0 B 



163 



■ 



200 



/t*7-Fg$! 



i-tf««DBU: 
/tX7-K*v* 



231 



232 



233 



,210 



X 



a - g # # anem/t * 9 - k * A* r a . 



£ArtUfc/tX7- 



X 



<213 



<215 



] 



/t*7- Kttmii/H7 7'OI'€ 
fMtU ©^<fclB/^7-H<i: 



216 



100j 



rC 



I 

I 
I 

-J 



,120 



I 



<121 



B£*&*.IE^{blfl/X;*7 - K£ 



< 



M22 
<123 
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[03] 



120 



&/tX9-F(l£^l:) 



•req -old-pass word 
■req_ new. password 



i 



♦dt>- password 

I 



req-old. password -db_ password ? 





YES 



-1 



125 



status* 
rA*7-K£IEJ tit*. 



/ 


,<28 





,126 



;<x9-K1tl«:7 7-OU£ 



NO 



.127 



<129 



=L-*f tt&DB<Ostatus£ 

r/t*7-K^Sf?*R*j 



±7 7>r^a?«is^T? 



YES 



/110 



J.-tf158 

D B 
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[04] 



-210 



£ /etc/shadowfrbGETfS. 
=> shadow 1 



^> shadow 2 



T 



.211 



212 



,213 



/etc/shadoiflceSSnT04/^9-H X ^Kfcl* 
shadow_ 1 = shadow_2 ? 




.=> pass 1 





A***. =>p»»2 



-214 



.214' 



21A 



<pass 1 ipass 2 x. 



215 



1 



217 



i 



21B 



nyfit-2 



A* 9 - H 18817 r -C ^U'Logi ii-nane" , pass II 

<File Altributes> 
Owner Itu 
USER r- • 
GROUP • • 

OTHER 



218 



219 



<1D 



(11) 32 000-20469 (P2000-20 4e5 



[05] 



3:0 (SB) 




220 









H8C7 7"OI'6 

=>rcp 




f 223 



221 



< 



222 



> 



224 



[08] 



(12) B2 000-20469 (P2000-20 4e5 



[06] 



130 
/ 



131 



If77f=ON? 



YES 



133 



5 



^134 




status** 



YES 



135 



(Append) 



136 



-.□^'f^fi ;UID;GI0 



NOj 



137 



±§g$fc£?xvi'»7? 



3 



LYES 



H38 



NO 



£a— tf<0^x?*l*7? 
I YES 
fc7 




/139 

J 



(13) 32000 
[07] 



-20469 (P2000-204e5 



/ 



230 
;234 



=L - tf JEfrltS 7 7 -f * 




ttB-r*. 








r 235 






t 







- / 


236 


ssi-y— 






/237 








,238 


/ a— s ! saisa7 7'f;u© > 


v NO 



YES 



239 



, YES 



